Xopero Blog

If you are using TeamViewer, make sure you’re running its latest version. The newest release includes a patch for the serious vulnerability which could allow attackers to steal your system password and eventually compromise it. More about CVE 2020-13699 vulnerability you can find below.

Essentially, bad actors could abuse the Microsoft Teams Updater – an update mechanism – to download any malicious binary files from Comand-and-Control Servers.

BootHole – the new security hole affects one of the most popular bootloader components in the market. The list of affected systems includes servers and workstations, laptops and desktops, and possibly a large number of Linux-based OT and IoT systems.

Welcome to the next episode of the Xopero Security Center! This time we are sharing with you information about recently discovered a complex Monero botnet, named Prometei. Among other things, the new threat is using stolen credentials and also takes advantage of SMB exploits. Keep reading.

Researchers at CheckPoint discovered a 17-year-old wormable, critical vulnerability in the Windows DNS server – named SIGRed – that can be triggered by a malicious DNS response.­­ Microsoft urges Sysadmins to patch servers as quickly as possible.

Project Freta is a cloud-based malware detection service announced by Microsoft Research Team. Malware, rootkits, cryptominers… Hard to detect threats which are lurking in cloud VM images should be much easier to reach and deal with. And Freta already supports over 4k Linux kernel versions. Let’s just say that it looks promising.

US Cyber Command has warned users to immediately patch the new critical vulnerability in PAN-OS. Is it really such a major security concern? 10/10 CVSSv3 score means that you definitely should not waste any more time… Hacking groups are likely to start exploiting this bug soon.

Glupteba has been first spotted in 2018. Now after almost 2 years, malware is still a serious threat. This is not just a malware – it’s also a rootkit, security suppressor, virus, router attack tool, browser stealer, and cryptojacker…

Welcome to the next episode of the Xopero Security Center! This time we are sharing security news about the Ripple20 vulnerability set, which affects a widely used low-level TCP/IP library. Researchers discovered 19 dangerous 0-day (sic!). Unfortunately, there is no easy solution. At last for now…

Welcome to the next episode of the Xopero Security Center! There is a new SMB protocol vulnerability called SMBleed and tracked as CVE-2020-1206 which allows an attacker to leak kernel memory remotely, without any authentication. How can it be exploited? Check below.